diff options
author | varac <varacanero@zeromail.org> | 2015-04-28 14:28:21 +0200 |
---|---|---|
committer | varac <varacanero@zeromail.org> | 2015-04-28 14:28:21 +0200 |
commit | 3aa462bd2402c81ac85720ca9337d45acbf04ff3 (patch) | |
tree | 90e78177e57200b260388f9ec7d1d34d018b0eed /puppet/modules/site_postfix | |
parent | 87a2005d7a2ab9cccce67eea7f25de2a2e3d789a (diff) |
Reject inbound mail to local system users that don't appear in
/ect/aliases #6829
We began to recieve spam for vmail@DOMAIN. So we want to block
inbound mail to local system users. However, users in the /etc/aliases
file are still accepted on inbound mail - see
https://leap.se/code/issues/6909 for a follow up.
Change-Id: I03d3014984c4bd27f90147125fb037b68716624d
Diffstat (limited to 'puppet/modules/site_postfix')
-rw-r--r-- | puppet/modules/site_postfix/manifests/mx.pp | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/puppet/modules/site_postfix/manifests/mx.pp b/puppet/modules/site_postfix/manifests/mx.pp index 81f10b77..49692d24 100644 --- a/puppet/modules/site_postfix/manifests/mx.pp +++ b/puppet/modules/site_postfix/manifests/mx.pp @@ -1,3 +1,6 @@ +# +# configure mx node +# class site_postfix::mx { $domain_hash = hiera('domain') @@ -35,6 +38,12 @@ class site_postfix::mx { # because the satellites need to have a different value 'smtp_tls_security_level': value => 'may'; + # reject inbound mail to system users + # see https://leap.se/code/issues/6829 + # this blocks *only* mails to system users, that don't appear in the + # alias map + 'local_recipient_maps': + value => '$alias_maps'; } include site_postfix::mx::smtpd_checks |